| Errata ID | 651 |
|---|---|
| Date | 2020-07-08 |
| Source package | php7.0 |
| Fixed in version | 7.0.33-0+deb9u8 |
| Description | This update addresses the following issues: * 2 integer wraparound when receiving multipart forms (CVE-2019-11048) * NULL pointer dereference in PHP session upload progress (CVE-2020-7062) * files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063) * information disclosure in exif_read_data() function (CVE-2020-7064) * information disclosure in function get_headers (CVE-2020-7066) * out-of-bounds read when using a malformed url-encoded string (CVE-2020-7067) |
| Additional notes | |
| CVE ID | CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 |
| UCS Bug number | #51617 |
